The Canadian city of St. Marys, Ontario has been hit by a ransomware attack that locked staff out of internal systems and encrypted data.
The small town of around 7,500 people appears to be the latest target of the notorious LockBit ransomware group. On July 22, a message on LockBit’s dark website listed townofstmarys.com as a ransomware victim and previewed the files that had been stolen and encrypted.
In a phone call, St. Marys Mayor Al Strathdee said The edge that the city was responding to the attack with the help of a team of experts.
“To be honest, we’re in a bit of a shock,” Strathdee said. “It’s not nice to be targeted, but the experts we hired have identified the threat and told us how to react. The police are interested and have resources dedicated to the case… there are people here working on it 24/7.”
Strathdee said that after the systems were locked down, the city received a ransom demand from the LockBit ransomware gang but hasn’t paid anything to date. In general, the Canadian government’s cybersecurity guidelines have discouraged ransom payments, Strathdee said, but the city would take the response team’s advice on how to engage further.
Screenshots shared on the LockBit site show the file structure of a Windows operating system, containing directories corresponding to municipal operations such as finance, health and safety, wastewater treatment, files property and public works. Under LockBit’s standard operating methods, the city was given time to pay to unlock its systems or see the data published online.
Brett O’Reilly, Communications Manager for the City of St. Marys, led The edge to a press release issued by St. Marys in which the city provided further details. According to the statement, essential city services such as transit and water systems were unaffected by the incident, and the city is attempting to unlock computer systems and restore backup data.
According to an analysis of Saved future, the LockBit group alone took credit for 50 ransomware incidents in June 2022, making it the most prolific ransomware group globally. In fact, St. Marys is the second small town to be targeted by LockBit in just over a week: On July 14, LockBit listed data from the town of Frederick, Colorado (population 15,000 ) as having been hacked, a claim that is currently being investigated by city officials. The LockBit listing for Frederick is currently demanding a $200,000 ransom for not releasing the data.
Increasingly, smaller municipalities are finding themselves the target of sophisticated global ransomware groups with extensive technical knowledge and resources. In March, the FBI’s Cyber Division issued a notification to government agencies’ private industry partners, noting that ransomware attacks were “straining local US governments and utilities.”